Home | History | Annotate | Download | only in www
      1 <?php
      2 
      3 require('config.php');
      4 
      5 $db = new PDO($osu_db);
      6 if (!$db) {
      7    die($sqliteerror);
      8 }
      9 
     10 if (isset($_POST["id"]))
     11   $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
     12 else
     13   die("Missing session id");
     14 
     15 $user = $_POST["user"];
     16 $pw = $_POST["password"];
     17 if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
     18   die("Invalid POST data");
     19 }
     20 
     21 if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
     22   echo "<html><body><p><red>Invalid username</red></p>\n";
     23   echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
     24   echo "</body></html>\n";
     25   exit;
     26 }
     27 
     28 $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
     29 if ($row == false) {
     30    die("Session not found");
     31 }
     32 $realm = $row['realm'];
     33 
     34 $userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
     35 if ($userrow) {
     36   echo "<html><body><p><red>Selected username is not available</red></p>\n";
     37   echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
     38   echo "</body></html>\n";
     39   exit;
     40 }
     41 
     42 $uri = $row['redirect_uri'];
     43 $rowid = $row['rowid'];
     44 
     45 if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
     46   die("Failed to update session database");
     47 }
     48 
     49 $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
     50 	"VALUES ('$user', '$realm', '$id', " .
     51 	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
     52 	"'completed user input response for a new PPS MO')");
     53 
     54 header("Location: $uri", true, 302);
     55 
     56 ?>
     57